Data breach by Addenbrooke's Hospital reveals patient information

A hospital trust has apologised after private information on more than 22,000 patients was released in two breaches.

The leaks - in 2020 and 2021 - concerned maternity and cancer patients at Addenbrooke's Hospital, Cambridge.

Roland Sinker, chief executive of Cambridge University Hospitals NHS Foundation Trust said the breaches had "only recently come to light".

Cambridge MP Daniel Zeichner has called for a review to prevent future breaches.

The trust said details shared included names, hospital numbers and some medical information - and identified women who have had terminations and miscarriages.

It said no home addresses or dates of birth were included, adding: "We have found no evidence in either case of the information being accessed or shared any further."

"I want to apologise to all of our patients for two data breaches, which happened in 2020 and 2021, and which have recently come to light," Mr Sinker said.

"Both were the result of mistakenly including patient information in Excel spreadsheets in response to Freedom of Information Act (FOI) requests."

The first case related to data provided about maternity patients in a FOI request via the What Do They Know, external website.

The website group alerted the trust to the breach and removed the information from their own website, said Mr Sinker.

In a statement, Mr Sinker explained: "In responding to the request, we mistakenly shared some personal data which was not immediately visible in the spreadsheet we provided but which could be accessed via a 'pivot table'.

"This data related to 22,073 patients booked for maternity care at The Rosie Hospital between 2 January 2016 and 31 December 2019.

"It included the names and hospital numbers of patients and their birth outcomes."

Following discovery of the breach, the trust said it undertook a review of all the FOI requests (some 8,000) it had responded to in the past 10 years.

"In doing this, we discovered one further case where patient data was mistakenly contained in a spreadsheet sent in 2021 as part of a FOI response to Wilmington PLC.

"We have requested confirmation from Wilmington PLC that it has been deleted."

That data related to 373 cancer patients on clinical trials and included their names, hospital numbers and some medical information, he said.

"While there is no evidence in either case of the information being accessed or shared beyond the original recipients, we recognise that such errors are unacceptable given our clear duty to maintain the confidentiality of patient information," Mr Sinker added.

"We want to apologise unreservedly to our patients for the worry and concern that this news may cause."

The trust said given "the sensitivity" of the maternity information, and "to avoid any risk of family members finding out about a previously undisclosed pregnancy" it would not be writing directly to patients in this group.

Instead it had set up guidance on its website, external for patients who think they might have been affected.

Labour MP Mr Zeichner said: "I am pleased that once they were aware, the trust has acted swiftly and responsibly, in consultation with patient groups, and has put in place sensible measures to support those affected.

"There now needs to be a full review to ensure that this cannot happen again."

Follow East of England news on Facebook, external, Instagram, external and X, external. Got a story? Email eastofenglandnews@bbc.co.uk , externalor WhatsApp on 0800 169 1830